Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1wZ3BqLXY4NXEtaDVmbc4AA4kU
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1xbXA5LTJ4d2otbTZtOc4AA4ie
Blind SQL injection in shopware
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1yeGdnLTI3M3ctcmZ3N84AA4c9
Remote Code Execution vulnerability in Apache IoTDB via UDF
Ecosystems: pypi, maven
Packages: apache-iotdb, org.apache.iotdb:iotdb-core
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1xNnc1LWpnNXEtNDd2Z84AA4bF
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Ecosystems: npm
Packages: @clerk/nextjs
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 3 months ago
Critical
GSA_kwCzR0hTQS00bXEyLWdjNGotY213Ns4AA4Y6
Django Template Engine Vulnerable to XSS
Ecosystems: go
Packages: github.com/gofiber/template/django/v3
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 3 months ago
Critical
GSA_kwCzR0hTQS14cTYyLTYyYzktMjJtZ84AA4Y2
Drupal Improper Access Control
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
Critical
GSA_kwCzR0hTQS13cWNjLXFmNjMtYzJ4NM4AA4Vv
WWBN AVideo Insufficient Entropy vulnerbaility
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS00NDlwLTNoODktcHc4OM4AA4Vg
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Ecosystems: go
Packages: gopkg.in/src-d/go-git.v4, github.com/go-git/go-git/v5, github.com/go-git/go-git/v4
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 3 months ago
Critical
GSA_kwCzR0hTQS05N3g5LTU5cnYtcTVwbc4AA4Tl
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Ecosystems: pypi
Packages: aries-cloudagent
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1yajdwLXhqdjctNzIyOc4AA4Qj
XWiki Remote Code Execution Vulnerability via User Registration
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1mOG1wLXg0MzMtNXdwZs4AA4Lh
Arbitrary remote code execution within `wrangler dev` Workers sandbox
Ecosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05eGc5LWhoNDUteGNtNs4AA4LL
Apache InLong Manager Remote Code Execution vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1qNWg5LTlyMzktNDNxNc4AA4K-
PaddlePaddle command injection in get_online_pass_interval
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0zY3I1LTI0NDYtOHBnM84AA4Kt
PaddlePaddle command injection in convert_shape_compare
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1yZjdwLTc5eHEtOHh3bc4AA4LC
PaddlePaddle command injection in _wget_download
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 4 months ago
Critical
GSA_kwCzR0hTQS13amM0LTczcTYtZ3Yzbc4AA4Ki
plotly.js prototype pollution vulnerability
Ecosystems: npm, packagist
Packages: plotly.js, plotly/plotly.js
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00OWpwLWNnaGMtcDVwas4AA4HF
JeecgBoot server-side template injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1mcjI5LXc2ajQtNTI1Zs4AA4HB
Jeecg Boot SQL Injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS01djlyLTc4OGMtd2M4cM4AA4G-
Jeecg Boot SQL injection vulnerability
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS14aGd4LTc5NzQtYzh2Ns4AA4C7
hyavijava stack overflow vulnerability
Ecosystems: maven
Packages: com.github:hyavijava
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1qajkzLTM5cGYtN21jZs4AA39a
bsock uses weak hashing algorithms
Ecosystems: npm
Packages: bsock
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 4 months ago
Critical
GSA_kwCzR0hTQS01OXYzLTg5OHItcXdoas4AA37g
MLflow Server-Side Request Forgery (SSRF)
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1oaDhwLXA4bXAtZ3Fobc4AA37i
MLFlow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0zODYzLTI0NDctNjY5cM4AA35m
transformers has a Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1qeDZxLWZxOWgtNmc3cc4AA35v
Pedroetb TTS-API OS Command Injection
Ecosystems: npm
Packages: tts-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xajg2LXA3NHItN3dwNc4AA32-
Remote code execution/programming rights with configuration section from any user account
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1jcDNqLTI3M3gtM2p4Y84AA329
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS03NjU0LXZmaDYtcnc2eM4AA328
Remote code execution from account through SearchAdmin
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xZzQ0LXhxd2otd2MyOM4AA32H
Apache StreamPark: Authenticated system users could trigger remote command execution
Ecosystems: maven
Packages: org.apache.streampark:streampark
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05N3J2LTg4Z2YtcGh2cs4AA3yx
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 4 months ago
Critical
GSA_kwCzR0hTQS01NTR3LXhoNGotOHc2NM4AA3yh
Path traversal in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1jZnhoLWZyeDQtOWdqZ84AA3yd
Cross-site Scripting in @spscommerce/ds-react
Ecosystems: npm
Packages: @spscommerce/ds-react
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1ncXZmLTNoZ3AtNWh4ds4AA3xA
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1ncXJxLWo2cG0tOThjMs4AA3w5
External Control of File Name or Path in h2oai/h2o-3
Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS02bWpnLTM3Y3AtNDJ4Nc4AA3ul
Improper Privilege Management in sap-xssec
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1tOHJ3LXJjcHEtMnZwMs4AA3uk
Improper Privilege Management in github.com/sap/cloud-security-client-go
Ecosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS01OWM5LXB4cTgtOWM3M84AA3uj
Improper JWT Signature Validation in SAP Security Services Library
Ecosystems: maven
Packages: com.sap.cloud.security.xsuaa:spring-xsuaa, com.sap.cloud.security:spring-security, com.sap.cloud.security:java-security
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05OWpnLXIzZjQtcnB4as4AA3ss
memory overflow vulnerability in OpenEXR-viewer
Ecosystems: actions
Packages: afichet/openexr-viewer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1nY2d3LXE0N20tcHJ2as4AA3r5
Improper JWT Signature Validation in SAP Security Services Library
Ecosystems: maven
Packages: com.sap.cloud.security:spring-security, com.sap.cloud.security.xsuaa:spring-xsuaa, com.sap.cloud.security:java-security
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05MmNnLWdocTYtOTU4N84AA3r1
Privilege escalation in sap/cloud-security-client-go
Ecosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1wOTloLXBmZzYtcXJmZ84AA3r0
Privilege escalation in sap-xssec
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1wMnZ4LXFqNjYtODhxM84AA3rz
Escalation of privileges in @sap/xssec
Ecosystems: npm
Packages: @sap/xssec
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 4 months ago
Critical
GSA_kwCzR0hTQS01bW1yLTlxeDMtM3BmOc4AA3pb
Code execution in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0yajM5LXFjam0tNDI4d84AA3mt
Apache Struts vulnerable to path traversal
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04djh3LXY4eGctNzlyZs4AA3lB
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
Ecosystems: actions
Packages: tj-actions/branch-names
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS0zN3ZxLWhyMmYtZzdoN84AA3hx
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Ecosystems: maven
Packages: org.htmlunit:htmlunit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1ncWoyLTMyNHAtdng3M84AA3hv
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download
Ecosystems: maven
Packages: io.github.microcks:microcks
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS12d2dnLTJxODItMzhjNc4AA3hw
Solon is vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: org.noear:solon
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02cHF4LXY5ZzQtNWhjOM4AA3fC
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request
Ecosystems: maven
Packages: org.jupiter-rpc:jupiter-rpc
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1mZzI5LTM3cHgtYzd3bc4AA3et
RuoYi vulnerable to SQL injection vulnerability
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04cWZtLWg4cmgtaDNyN84AA3b4
PHPMemcachedAdmin Path Traversal vulnerability
Ecosystems: packagist
Packages: elijaa/phpmemcacheadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS03N2pnLWNwdzktNzN2Z84AA3bl
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04djR3LWpyMzMtNHJoM84AA3bY
Apache Cocoon SQL Injection vulnerability
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escape
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1mcHZ3LTZtNXYtaHFmcM4AA3W4
Capsule Proxy Authentication bypass using an empty token
Ecosystems: go
Packages: github.com/clastix/capsule-proxy, github.com/projectcapsule/capsule-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS05ampjLWdyZzUtNjdnas4AA3W2
SQL injection vulnerability in Meshery
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS03NXcyLXF2NTUteDdmds4AA3We
openssl npm package vulnerable to command execution
Ecosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 5 months ago
Critical
GSA_kwCzR0hTQS12NWdqLWZ4M2ctaGNwd84AA3TT
SQL injection in Apache Submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04anByLWZmOTItaHBmOc4AA3RO
Run Shell Command allows Cross-Site Request Forgery
Ecosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS03cmZnLTYyNzMtZjV3cM4AA3RM
Cookies are sent to external images in rendered diff (and server side request forgery)
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-diff-xml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04aGNyLTV4MmctOWY3as4AA3Qs
Deserialization of Untrusted Data in apache-submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1yY2pjLWM0cGoteHhycM4AA3Qr
Apache Derby: LDAP injection vulnerability in authenticator
Ecosystems: maven
Packages: org.apache.derby:derby
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 5 months ago
Critical
GSA_kwCzR0hTQS14NTYzLTZocXYtMjZtcs4AA3P0
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: ibis-framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS12MzJtLXBmOXEtcDN4Z84AA3PR
Liferay Portal XSS with `p_l_back_url_title` on edit content page
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS00cXE1LW14eHgtbTZnZ84AA3Oh
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02Y3hyLThxM20tandycs4AA3Oe
Ray Missing Authorization vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS0zcHd3LXF2cjgtNm1ocM4AA3N9
Ray Path Traversal vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02bXY4LTk1eDUteGNxOc4AA3OV
H2O local file inclusion vulnerability
Ecosystems: maven
Packages: ai.h2o:h2o-core
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1mNzk4LXFtNHItMjNyNc4AA3ON
MLflow allowed arbitrary files to be PUT onto the server
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01cDNoLTdmd2gtOTJyY84AA3OR
Remote Code Execution due to Full Controled File Write in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1oM3hnLXd2NTgtNXA0M84AA3OI
Ray OS Command Injection vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 5 months ago
Critical
GSA_kwCzR0hTQS14cTU5LTdqZjMtcmpjNs4AA3C2
piccolo SQL Injection via named transaction savepoints
Ecosystems: pypi
Packages: piccolo
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 5 months ago
Critical
GSA_kwCzR0hTQS00amNoLThxcTUtaHFnNs4AA3CO
Froxlor Improper Input Validation vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01d3ZwLTdmM2gtNndtbc4AA3Am
PyArrow: Arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1qOXJjLXczd3YtZnY2Ms4AA2_R
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02MnByLXFxZjctaGg4Oc4AA2_Q
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration, org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1ybXh3LWM0OGgtMnZmNc4AA2-Y
XWiki Platform privilege escalation from script right to programming right through title displayer
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-display-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1oZ3B3LTZwNGgtajZoNc4AA2-W
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS03Y3JjLXIzd2ctY2ZnZs4AA26r
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12NnhwLWNjdngtdzUybc4AA26q
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ibexa/solr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS13OWNwLTN4NzktMnA4cM4AA23u
transmute-core unsafe YAML deserialization vulnerability
Ecosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1xNzRmLXJmMjctOGh4Y84AA2zZ
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Ecosystems: maven
Packages: org.opencrx:opencrx-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1jcmc5LTQ0aDIteHczNc4AA2vl
Apache ActiveMQ is vulnerable to Remote Code Execution
Ecosystems: maven
Packages: org.apache.activemq:activemq-openwire-legacy, org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS14d2NxLXBtOG0tYzR2Zs4AA2sP
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Ecosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1tcGo4LXEzOXgtd3E1aM4AA2sN
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Ecosystems: npm
Packages: crypto-es
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05M2doLWpnamotcjkyOc4AA2sM
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1xY2o5LWdjcGctNHcyd84AA2sL
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1naGY2LTJmNDItbWpoOc4AA2sK
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1ncjgyLThmajItZ2djM84AA2sJ
XWiki Platform XSS vulnerability from account in the create page form via template provider
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-web-standard, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12Y3ZyLXY0MjYtM20zbc4AA2sI
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-office-importer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS02NjN3LTJ4cDMtNTczOc4AA2sD
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
Ecosystems: maven
Packages: org.xwiki.rendering:xwiki-rendering-xml
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 6 months ago
Critical
GSA_kwCzR0hTQS01NGY2LTlteDktODZmN84AA2pn
SaToken privilege escalation vulnerability
Ecosystems: maven
Packages: cn.dev33:sa-token-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0zajJmLTU4cnEtZzZwN84AA2o5
Sureness uses hardcoded key
Ecosystems: maven
Packages: com.usthe.sureness:sureness-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04aDV3LWY2cTktd2czNc4AA2mm
Langchain SQL Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1wcWdtLTlnODItd2NtN84AA2mf
modoboa Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 months ago
Critical
GSA_kwCzR0hTQS00M2Z3LTUzNmotdzM3as4AA2kO
Yamcs API Directory Traversal vulnerability
Ecosystems: maven
Packages: org.yamcs:yamcs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS03cDkyLXg0MjMtdndqNs4AA2gZ
Plonk verifier KZG multi point verification
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1yYzR2LTk5Y3ItcGpjbc4AA2gY
Prototype Pollution in ali-security/mongoose
Ecosystems: npm
Packages: @seal-security/mongoose-fixed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1oMnJtLTI5Y2gtd2ZtaM4AA2gS
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter
Ecosystems: maven
Packages: com.xwiki.identity-oauth:identity-oauth-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Statistics
Advisories: 17,470
Packages: 8,115
Repositories: 1,243
Ecosystems: 12
Filter by Severity
Moderate 7,470 High 6,100 Critical 2,660 Low 958
Filter by Ecosystem
npm 934 maven 820 packagist 357 pypi 328 go 205 cargo 152 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 27 com.fasterxml.jackson.core:jackson-databind 24 net.mingsoft:ms-mcms 18 org.jenkins-ci.main:jenkins-core 18 com.liferay.portal:release.portal.bom 13 mlflow 12 langchain 12 com.liferay.portal:release.dxp.bom 12 org.apache.dubbo:dubbo 12 org.apache.struts:struts2-core 11 magento/core 11 vm2 10 apache-airflow 10 org.xwiki.platform:xwiki-platform-oldcore 9 tensorflow 9 topthink/framework 9 funadmin/funadmin 9 shopware/platform 8 org.jeecgframework.boot:jeecg-boot-common 8 rdiffweb 8 org.xwiki.platform:xwiki-platform-web-templates 8 paddlepaddle 8 tensorflow-cpu 8 tensorflow-gpu 8 moodle/moodle 8 ansible 7 rusqlite 7 gogs.io/gogs 7 dolibarr/dolibarr 7 studio-42/elfinder 7 org.xwiki.platform:xwiki-platform-administration-ui 7 sequelize 7 symfony/symfony 6 github.com/argoproj/argo-cd 6 drupal/core 6 github.com/answerdev/answer 6 thorsten/phpmyfaq 6 aaptjs 6 parse-server 6 froxlor/froxlor 5 org.apache.activemq:activemq-client 5 org.jeecgframework.boot:jeecg-boot-parent 5 org.xwiki.commons:xwiki-commons-xml 5 steal 5 org.apache.shiro:shiro-core 5 org.apache.tomcat.embed:tomcat-embed-core 5 org.jenkins-ci.plugins:script-security 5 Pillow 5 ezsystems/ezpublish-kernel 5 org.xwiki.platform:xwiki-platform-web 5 org.apache.inlong:manager-pojo 5 Microsoft.ChakraCore 5 nodebb 5 shopware/core 5 ckb 5 centreon/centreon 5 safe-eval 5 Django 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 org.apache.kylin:kylin-server-base 4 baserproject/basercms 4 apache-airflow-providers-apache-hive 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 swagger-ui 4 github.com/hashicorp/vault 4 spree_auth_devise 4 org.eclipse.jetty:jetty-server 4 github.com/usememos/memos 4 realms-shim 4 openssl-src 4 org.apache.tapestry:tapestry-core 4 smallvec 4 django 4 feehi/cms 4 safer-eval 4 net.opentsdb:opentsdb 4 org.apache.openmeetings:openmeetings-parent 4 zendframework/zendframework 4 calibreweb 4 phpmyadmin/phpmyadmin 4 PaddlePaddle 4 prestashop/prestashop 4 github.com/argoproj/argo-cd/v2 4 org.jeecgframework.boot:jeecg-boot-base-core 4 org.apache.inlong:manager-service 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 hermes-engine 4 messagepack-rs 4 feathers-sequelize 3 com.alibaba:dubbo 3 ibexa/core 3 handlebars 3 ro.pippo:pippo-core 3 nvflare 3 cobbler 3 edu.stanford.nlp:stanford-corenlp 3 francoisjacquet/rosariosis 3 facade/ignition 3 github.com/hashicorp/nomad 3 org.richfaces:richfaces-core 3 org.keycloak:keycloak-core 3 org.apache.ozone:ozone-main 3 dompdf/dompdf 3 org.apache.storm:storm 3 io.undertow:undertow-core 3 org.apache.solr:solr-parent 3 org.apache.dolphinscheduler:dolphinscheduler 3 ray 3 jsrsasign 3 io.dataease:dataease-plugin-common 3 tribalsystems/zenario 3 org.apache.inlong:manager-web 3 org.xwiki.platform:xwiki-platform-search-ui 3 code.gitea.io/gitea 3 org.apache.ignite:ignite-core 3 showdoc/showdoc 3 @openzeppelin/contracts-upgradeable 3 org.apache.any23:apache-any23 3 typo3/cms 3 github.com/pterodactyl/wings 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 org.apache.logging.log4j:log4j-core 3 github.com/dexidp/dex 3 org.apache.jmeter:ApacheJMeter 3 log4j:log4j 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 impresscms/impresscms 3 org.apache.linkis:linkis 3 id-map 3 modoboa 3 phpmailer/phpmailer 3 com.hazelcast:hazelcast 3 rubygems-update 3 pyload-ng 3 nokogiri 3 org.jenkins-ci.plugins:active-directory 3 slp-validate 3 librenms/librenms 3 actix-web 3 org.jeecgframework.boot:jeecg-boot-base 3 org.xwiki.platform:xwiki-platform-panels-ui 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 pimcore/pimcore 3 org.apache.hadoop:hadoop-common 3 com.jflyfox:jflyfox_jfinal 3 org.apache.solr:solr-core 3 craftcms/cms 3 org.springframework.security:spring-security-core 3 xcb 3 publify_core 3 slpjs 3 org.xwiki.platform:xwiki-platform-icon-ui 3 drupal/drupal 3 ezsystems/ezplatform-kernel 3 strapi 3 puma 2 com.sap.cloud.security:spring-security 2 codeigniter/framework 2 org.keycloak:keycloak-parent 2 smarty/smarty 2 org.apache.shenyu:shenyu-common 2 pandasai 2 org.folio:mod-data-export-spring 2 org.xwiki.platform:xwiki-platform-scheduler-ui 2 activerecord 2 pyyaml 2 org.apache.ranger:ranger 2 github.com/rancher/rancher 2 org.keycloak:keycloak-services 2 github.com/russellhaering/gosaml2 2 org.apache.pulsar:pulsar 2 com.sap.cloud.security:java-security 2 com.hazelcast.jet:hazelcast-jet 2 deno 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 ctx 2 facturascripts/facturascripts 2 reportlab 2 github.com/moby/buildkit 2 llama-index 2 shell-quote 2 org.apache.xmlrpc:xmlrpc 2 org.apache.dubbo:dubbo-parent 2 @keystone-6/core 2 llhttp 2 wwbn/avideo 2 tenvoy 2 com.sap.cloud.security.xsuaa:spring-xsuaa 2 nilsteampassnet/teampass 2 stack_dst 2 org.apache.cassandra:cassandra-all 2 github.com/grafana/grafana 2 cn.hutool:hutool-all 2 elefant/cms 2 url-parse 2 gerapy 2 xmlhttprequest-ssl 2 js-data 2 typo3/phar-stream-wrapper 2 @sequelize/core 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/apache/airflow 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/funadmin/funadmin 9 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/langchain-ai/langchain 8 https://github.com/django/django 8 https://github.com/magento/magento2 8 https://github.com/apache/inlong 8 https://github.com/ikus060/rdiffweb 8 https://github.com/python-pillow/Pillow 7 https://github.com/top-think/framework 7 https://github.com/argoproj/argo-cd 7 https://github.com/apache/struts 7 https://github.com/gogs/gogs 7 https://github.com/Studio-42/elFinder 7 https://github.com/ansible/ansible 7 https://github.com/sequelize/sequelize 7 https://github.com/rusqlite/rusqlite 7 https://github.com/xwiki/xwiki-commons 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/answerdev/answer 6 https://github.com/shopware/platform 6 https://github.com/shenzhim/aaptjs 6 https://github.com/parse-community/parse-server 6 https://github.com/apache/tomcat 5 https://github.com/symfony/symfony 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/nervosnetwork/ckb 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/moodle/moodle 5 https://github.com/apache/activemq 5 https://github.com/NodeBB/NodeBB 5 https://github.com/froxlor/froxlor 5 https://github.com/keycloak/keycloak 5 https://github.com/stealjs/steal 5 https://github.com/go-gitea/gitea 5 https://github.com/cloudfoundry/uaa 4 https://github.com/liufee/cms 4 https://github.com/dromara/hutool 4 https://github.com/spring-projects/spring-framework 4 https://github.com/janeczku/calibre-web 4 https://github.com/hwchase17/langchain 4 https://github.com/PrestaShop/PrestaShop 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/usememos/memos 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/dompdf/dompdf 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/CVEProject/cvelist 4 https://github.com/otake84/messagepack-rs 4 https://github.com/servo/rust-smallvec 4 https://github.com/pippo-java/pippo 4 https://github.com/octobercms/october 3 https://github.com/mbechler/marshalsec 3 https://github.com/pyload/pyload 3 https://github.com/kjur/jsrsasign 3 https://github.com/modoboa/modoboa 3 https://github.com/rubygems/rubygems.org 3 https://github.com/twisted/twisted 3 https://github.com/denoland/deno 3 https://github.com/simpleledger/slpjs 3 https://github.com/actix/actix-web 3 https://github.com/rubygems/rubygems 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/cobbler/cobbler 3 https://github.com/dwisiswant0/advisory 3 https://github.com/facade/ignition 3 https://github.com/baserproject/basercms 3 https://github.com/apache/shiro 3 https://github.com/centreon/centreon-archived 3 https://github.com/pterodactyl/wings 3 https://github.com/shopware/shopware 3 https://github.com/opencast/opencast 3 https://github.com/dataease/dataease 3 https://github.com/ibexa/core 3 https://github.com/andrewhickman/id-map 3 https://github.com/pimcore/pimcore 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/rancher/rancher 3 https://github.com/craftcms/cms 3 https://github.com/Dolibarr/dolibarr 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/star7th/showdoc 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/publify/publify 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/crewjam/saml 3 https://github.com/github/securitylab 3 https://github.com/neorazorx/facturascripts 3 https://github.com/facebook/hermes 3 https://github.com/hazelcast/hazelcast 3 https://github.com/dexidp/dex 3 https://github.com/apache/camel 3 https://github.com/strapi/strapi 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/run-llama/llama_index 3 https://github.com/TribalSystems/Zenario 2 https://github.com/russellhaering/gosaml2 2 https://github.com/apache/kylin 2 https://github.com/rest-client/rest-client 2 https://github.com/jbroadway/elefant 2 https://github.com/SAP/cloud-pysec 2 https://github.com/nats-io/jwt 2 https://github.com/top-think/thinkphp 2 https://github.com/getgrav/grav 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/javamelody/javamelody 2 https://github.com/ADOdb/ADOdb 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/josdejong/mathjs 2 https://github.com/apache/jmeter 2 https://github.com/rust-lang-nursery/failure 2 https://github.com/ionicabizau/parse-url 2 https://github.com/hashicorp/vault 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/keystonejs/keystone 2 https://github.com/noear/solon 2 https://github.com/h2database/h2database 2 https://github.com/netvl/acc_reader 2 https://github.com/nodejs/llhttp 2 https://github.com/rubyzip/rubyzip 2 https://github.com/jfinal/jfinal 2 https://github.com/jmrozanec/cron-utils 2 https://github.com/gventuri/pandas-ai 2 https://github.com/google/flatbuffers 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/benbusby/whoogle-search 2 https://github.com/sjep/array 2 https://github.com/pytorch/serve 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/gofiber/fiber 2 https://github.com/dfinity/agent-js 2 https://github.com/jaw187/node-traceroute 2 https://github.com/WWBN/AVideo 2 https://github.com/line/armeria 2 https://github.com/soketi/soketi 2 https://github.com/yaml/pyyaml 2 https://github.com/jenkinsci/script-security-plugin 2 https://github.com/totaljs/framework 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/ahdinosaur/set-in 2 https://github.com/web2py/web2py 2 https://github.com/mautic/mautic 2 https://github.com/kubernetes/kubernetes 2 https://github.com/js-data/js-data 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/puma/puma 2 https://github.com/ibexa/admin-ui 2 https://github.com/beego/beego 2 https://github.com/MrSwitch/hello.js 2 https://github.com/evmos/evmos 2 https://github.com/http4s/http4s 2 https://github.com/dominictarr/libnested 2 https://github.com/moby/buildkit 2 https://github.com/fluxcd/flux2 2 https://github.com/neo4j-contrib/neo4j-apoc-procedures 2 https://github.com/unshiftio/url-parse 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/markevans/dragonfly 2 https://github.com/gnzlbg/slice_deque 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/omrilotan/async-git 2 https://github.com/apache/dolphinscheduler 2 https://github.com/apache/karaf 2 https://github.com/kujirahand/nadesiko3 2 https://github.com/vert-x3/vertx-web 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/hashicorp/nomad 2 https://github.com/smarty-php/smarty 2 https://github.com/openstack/python-keystoneclient 2 https://github.com/reem/rust-traitobject 2 https://github.com/Agoric/realms-shim 2 https://github.com/git-lfs/git-lfs 2 https://github.com/TogaTech/tEnvoy 2 https://github.com/OpenMage/magento-lts 2 https://github.com/rust-random/rand 2 https://github.com/xwiki/xwiki-rendering 2 https://github.com/apache/flume 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/actix/actix-net 2 https://github.com/SAP/cloud-security-services-integration-library 2 https://github.com/commenthol/safer-eval 2 https://github.com/vyperlang/vyper 2 https://github.com/quarkusio/quarkus 2